Pennywise Ransomware Removal Guide

Do you store any important data on your operating system? If you do, hopefully, this data is backed up because it could be a target of Pennywise Ransomware. This ransomware is currently in development stages, and no one knows if it will be unleashed at all, but its predecessor is Jigsaw Ransomware, a well-known file-encrypting infection, and so it must be taken seriously. If this threat worked the way it is meant to, it would infiltrate operating systems, encrypt files, and demand a ransom fee. Unfortunately, those victims whose files are not securely backed up are likely to pay the ransom because, ultimately, that is the only thing that they, allegedly, can do. The bad news is that no one is likely to get their files decrypted by paying the ransom. The good news is that this particular ransomware is not yet a real threat, and, hopefully, you can protect your operating system against it in time. Continue reading, and you will learn what you need to do to protect your operating system or delete Pennywise Ransomware.

Pennywise Ransomware is a new variant of the well-known RaaS (Ransomware as a Service) infection known by the name Jigsaw Ransomware. Since this malware is not yet fully created and unleashed, we cannot say how exactly it spreads. It is possible that this malware could be spread using misleading spam emails as a harmless-looking attachment, or it could be spread via malicious downloaders. Once the threat infiltrates the Windows operating system, it creates a file called “NotTxTest.notxt”. The threat also launches a ransom note file that takes over the entire screen and simulates a lock-down. The operating system is not locked, and it is possible to kill the ransom note via the Task Manager. At the time of research, the C&C server linked to Pennywise Ransomware was, most likely, not set up, due to which, the encryption was not possible. However, if the server was activated, the infection should encrypt all kinds of personal files – including archives, photos, and documents – using the Advanced Encryption Standard (AES) algorithm. The “.beep” extension should be attached to the names of all corrupted files. Unfortunately, files cannot be recovered by removing this extension.

Ransomware infections keep emerging, and some of the latest ones include Trick-Or-Treat Ransomware, Ordinal Ransomware, and Phobos Ransomware. All of them are different, but all of them – at least, most of them – target your personal files. More aggressive threats can encrypt files and push victims to pay ransom fees. Less aggressive ones can lock screens and present misleading notifications suggesting that files were encrypted. Sometimes, it can be hard to distinguish between these kinds of threats, which is why it is always recommended that you check whether or not files are encrypted. If the screen is blocked, accessing the system via Safe Mode might help. The version of Pennywise Ransomware our malware researchers have analyzed did not encrypt files, but we cannot promise that this will not change. In either case, protecting the operating system is truly important, and it is strongly suggested that all Windows users employ reliable and up-to-date anti-malware software.

Have you decided to install anti-malware software to ensure all-time Windows protection? If you have, you do not need to worry about the elimination of existing threats because this software should be able to delete it automatically. If it cannot, you might need to update the program, or you might need to choose a different, more efficient one. That being said, removing malware manually is also possible. For example, you should be able to remove Pennywise Ransomware using the instructions below. Note that you need to terminate a process to unlock the screen and then you need to delete the file associated with the process. If you have at least a little bit of experience, none of this should be difficult for you. Of course, if you have questions or you want to discuss something about the infection, feel free to do so via the comments section below.

How to delete Pennywise Ransomware

Launch Task Manager via the menu that you launch by tapping Ctrl+Alt+Delete.

Click the Processes tab and identify the {random name} process linked to the ransomware.

Right-click the process and select Open file location to find the {random name}.exe file.